A LoadBalancer service and registration with a private load balancer

Dear Colleagues,

When I create a service of type LoadBalancer, it is supposed to register the k8s cluster somehow with a cloud provider’s load balancer. I don’t quite understand how it works (how the registration is implemented internally), but my question is related.

How can I make a LoadBalancer service register itself with some private load balancer (not one belonging to the big cloud operators but my own on-premise one)? I see several variants as an example:

  • k8s registers the IP addresses of its pods in a DNS zone
  • k8s registers a service in Consul
  • k8s generates a haproxy.cfg
  • ???

Can you please point me in the right direction? Maybe my whole direction of thought is wrong?

Of course I can always use a NodePort type of service and manually list the IP addresses and ports of all pods in haproxy.cfg, but I will lose automation when pods are created and terminated.

What LB provider are you using on-prem?

Some offer native Kubernetes integrations that help solve that, for example here’s Citrix’s solution Expose services of type LoadBalancer - Citrix ADC ingress controller for Kubernetes. You may also want to check out kube-vip and MetalLB

All such controllers are async to the API. In general a cluster has 1 LB provider (but that assumption is changing). The provider controller watches Services and creates LBs in response. If you are not already using a provider, like a cloud, you can run one or write your own. How it works is up to you! NodePorts are an option, but not required.
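As an added illustration of the "watch Services, create LBs" model above (not code from any poster or project), here is the core of a home-grown controller for the original poster's haproxy variant: it takes Service and Endpoints objects as the plain dicts the Kubernetes API returns, keeps only type LoadBalancer, and renders haproxy frontend/backend stanzas from the ready pod addresses. The sample objects, the assumed operator-managed spec.loadBalancerIP, and the watch loop that would feed this (e.g. kubernetes.watch.Watch in the official Python client, followed by an haproxy reload when the output changes) are assumptions, not part of the thread.

```python
from typing import List

# Constructed sample: one LoadBalancer Service and its Endpoints, in the shape
# the Kubernetes API returns (only the fields this renderer reads).
SAMPLE_SERVICE = {
    "metadata": {"namespace": "prod", "name": "web"},
    "spec": {"type": "LoadBalancer", "loadBalancerIP": "10.0.0.50",
             "ports": [{"name": "http", "port": 80, "targetPort": 8080, "protocol": "TCP"}]},
}
SAMPLE_ENDPOINTS = {
    "metadata": {"namespace": "prod", "name": "web"},
    "subsets": [{
        "addresses": [{"ip": "10.244.1.5"}, {"ip": "10.244.2.9"}],
        "notReadyAddresses": [{"ip": "10.244.3.1"}],  # failing readiness: excluded
        "ports": [{"name": "http", "port": 8080, "protocol": "TCP"}],
    }],
}


def ready_backends(endpoints: dict, port_name: str) -> List[str]:
    """Return ip:port for every *ready* pod behind the named Service port.

    Endpoints carry the Service port name with the resolved targetPort, so
    matching on the name handles numeric and named targetPorts alike.
    """
    servers = []
    for subset in endpoints.get("subsets") or []:
        ports = [p["port"] for p in subset.get("ports", []) if p.get("name", "") == port_name]
        for port in ports:
            servers.extend(f"{a['ip']}:{port}" for a in subset.get("addresses") or [])
    return sorted(servers)


def render_haproxy(services: List[dict], endpoints_by_key: dict) -> str:
    """Render frontend/backend stanzas for every Service of type LoadBalancer."""
    out = []
    for svc in services:
        if svc["spec"].get("type") != "LoadBalancer":
            continue  # ClusterIP/NodePort Services are not the LB controller's job
        ns, name = svc["metadata"]["namespace"], svc["metadata"]["name"]
        bind_ip = svc["spec"].get("loadBalancerIP", "*")  # assumed: set by the operator
        ep = endpoints_by_key.get(f"{ns}/{name}", {})
        for sp in svc["spec"]["ports"]:
            tag = f"{ns}_{name}_{sp['port']}"
            out.append(f"frontend fe_{tag}\n    mode tcp\n    bind {bind_ip}:{sp['port']}\n"
                       f"    default_backend be_{tag}\n\nbackend be_{tag}\n    mode tcp")
            for i, server in enumerate(ready_backends(ep, sp.get("name", ""))):
                out.append(f"    server s{i} {server} check")  # haproxy health-checks each pod
            out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_haproxy([SAMPLE_SERVICE], {"prod/web": SAMPLE_ENDPOINTS}))
```

Because only `addresses` (not `notReadyAddresses`) are rendered, a pod that fails its readiness probe drops out of the backend on the next re-render, which is the automation the NodePort-plus-manual-haproxy.cfg approach loses.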

What LB provider are you using on-prem?

I currently use haproxy with health-checks (can it qualify as an “LB provider”?).

Some offer native Kubernetes integrations that help solve that,

Thank you for the info, the documentation on Citrix and MetalLB was very educational, I’ll probably try out MetalLB.

you can run one or write your own.

What if I just create an Ingress controller and use it as an entry point into the k8s cluster? What are the drawbacks of this approach?

The Citrix documentation (link above) compares these two solutions as more or less equal, is this correct?

Of course this Ingress controller should be bound to a permanent LAN IP address of a Node, can this be configured? A static pod or whatever?

Just if you had access to something like Citrix or F5 that you could leverage.

Excuse me? I did not understand your reply, can you please rephrase?

Oh sorry. I was just curious if you already had access to a load balancing appliance (like an F5 or Citrix) that you could potentially take advantage of instead of building new.

No, I don’t. They are both commercial products, are they not? I was looking for something free.

I already have a Consul cluster. I thought if I could make k8s register its services in the Consul cluster (thus making the IPs and ports available via DNS SRV records) this would be sufficient for me.

Ya, it was more just if you already had access to those for convenience. If you don’t, the other services should do you good.

Not sure about using a Consul cluster, not something I’ve looked into or tried before.

Netris has an on demand LB that integrates directly with k8s via the Netris Operator. It runs at line rate (100Gb) with a SmartNIC with DPDK: